Google is Changing How it Treats SSL
Google has been on a mission recently to get websites to adopt SSL. You may recognize sites with SSL certificates: they’re the ones that start with https:// instead of http://. When a site uses SSL, information that’s passed to that site’s server remains private.
To incentivize website owners to adopt SSL, Google has done two things. First, it uses the presence of an SSL certificate as a ranking signal. Second, it adds a positive designation in the address bar of the Google Chrome browser when you visit a site that uses SSL and, at the same time, adding a warning notice for sites that do not.
Google is making a change to how its popular Chrome browser identifies secure sites. Instead of focusing on pointing out that a site is secure, it will begin focusing instead on when a site is not secure.
In the image below, the first address bar shows how sites with a Domain Validated (DV) certificate look right now. They get a green padlock symbol and the word “Secure.”
When Chrome version 69 arrives in September, this will be downgraded to only show a black padlock. Eventually, sites with SSL will not show any security symbol whatsoever.
As the positive identifiers go away, Chrome will adopt a stronger warning on sites that don’t have SSL.
Sites without an SSL certificate currently show a black “Not Secure” message in Chrome. Beginning with Chrome version 70 in October, this message will become red with a warning sign when someone enters data on the site, such as filling out a comment form.
Here’s a graphic from Google that demonstrates this:
Why the Change?
Google says that there were too many sites without SSL previously to mark them with a strong red warning. As SSL adoption grows, Google wants people to think of sites as secure by default and instead focus on warning visitors when a site does not have SSL.
Although they didn’t mention it, Google might also have another reason for the change. People tend to see the green padlock and “secure” notice at the top of websites and think that the site is safe. While it’s true that the data you submit on sites with https:// is securely transferred to the server, that doesn’t mean that the owner of the site isn’t a bad actor. For example, a “typo domain” used for phishing can easily get an SSL certificate.
What You Should Do
If you haven’t added an SSL certificate to your website, now is the time to do so. It’s possible you are already scaring off website visitors by not having one.
Don’t worry if you aren’t tech savvy; there are many resources out there for installing SSL certificates. Be sure to check out the Namecheap FAQs for more info.
SSL certificates are also much cheaper than they used to be. You can order an SSL certificate from Namecheap for less than the cost of most domain names!